The longer story behind each IPAuth use case: the problem, why it matters, how people solve it today and what that costs, and where a roving IP allowlist fits.
An exposed port 22 is a standing liability. How teams handle it today (fail2ban, bastions, VPNs, Tailscale) and how a roving IP allowlist closes the door without locking you out.
Keeping preview and staging private when a VPN is overkill: basic auth, hand-kept IP lists, Cloudflare Access, and the self-service roving allowlist.
Give one person access to a gated resource without exposing it publicly or pasting their IP every time they change networks.
Protect /login or /admin from the open internet with no VPN, no SSO rollout, and no new user accounts. A signed cookie marks the browser, not the IP.
Default-deny your API at the CDN and let your developers' roaming IPs flow into the edge allowlist automatically. The pattern we run on NOC.
Bind an API credential to a roving origin IP so a leaked key fails closed from everywhere except the box that owns it.